[Openswan dev] Errno 28: No space left on device while rekeying

[Michael Richardson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Matthias" == Matthias Haas <mh at pompase.net> writes:
    Matthias> are no free entries left for rekeying.  In addition it
    Matthias> seems to me that the SA entries are used in a round robin
    Matthias> manner, where every rekeyed SA does not replaye the old
    Matthias> SA, but takes a new entry.  Is this theory correct?  If it
    Matthias> is my only way to cope with this problem is either to size
    Matthias> the tables larger or lower the rekey times to get rid od
    Matthias> the useless SA entries a lot earlier.

  With netkey, that is likely.
  (It was somewhat true of KAME)

  KLIPS should only use the outgoing SA which is referenced in the
eroute table (there is a strong link). Incoming SAs remain until they
expire, unless the peer is also openswan, in which case, the delete SA
messages are pretty reliably acted upon.

  (there is no special code for the openswan case, --- just I know that
openswan implements the heuristic properly)

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBRaKzBICLcPvd0N1lAQIH8wf+Nvw0AGNMrfQf/NUYgwwYbKGz+yjmP9U8
wKZS8yD1ILxCYqDr4m4k42M+h9FZtf1wo7y8Kvl8KizPHO/7QVxnKzLxuDjGZhHT
XS9FDsAkQW0+IBwyaS5ZYU4mR/1fd4q/+Vfgc1tJUnMFP7e6Ch1nL4M/tc1U9coG
qU/+rgI0e1W61KNphnc4HUeGie3prEJJ0TsBVdaEXSFJWRom+Sney3Xluv88PIhP
obIM90q142WBhxPGar9BRooq5zC9AmOLNRI0azOKZ+nEQos3k3p13gqeV1Pyz88Z
G/sVmxaDUpGQ68g8oeaK6TEd4/mXkfxcdryYGX5Nl2F+3i2OGWNPLQ==
=SLbR
-----END PGP SIGNATURE-----